OWASP Board Thoughts 2025
Please vote for the OWASP 2025 board
The OWASP 2025 board elections are open. The prime job of a board is to develop and drive strategy. Richard Rumelt’s Good Strategy Bad Strategy: The Difference and Why It Matters presents strategy as finding and exploiting your strategic advantages. As a result, I’m looking at the candidates to see what they see as OWASP’s advantages and how they’re going to exploit them to deliver value to the community.
In doing this, I’m focused on the clarity and directness of their written communication. Effective written communication is a skill I expect of a board member.
The only tactical issue I want to see addressed by a board member is converting the 40,000-member “OWASP Community” Slack channel to a moderated “OWASP Announce.” That channel is wasted. Based on the non-responses to messages, it’s been muted by 40,000 people because it’s full of preview cards, responses to threads and people saying hi. OWASP should be leveraging it as a key communication channel.
Some of the trends come out of the nature of the questions, such as one about stale projects.
The candidate statements are all linked from OWASP Global Board Candidates. My notes as I read them are below. It was challenging to select four. I encourage every OWASP member to vote. My votes are bolded.
- Adrian Winckles. Pros: Clear answers to questions. Con: Three specific outcomes seem pretty tactical, but they are 90-day activities.
- Arkadii Yakovets. His statement amounts to “watch my video.” I did not.
- Aruneesh Salhotra. Can’t find answers to the questions of what he’d do in his 5233 words with pretty graphics.
- Arvind Janardhanan. Pro: clear answers to what he’d do: project health dashboard, leadership engagement and domain focus.
- Chirag Shah. Lists two 90-day action plans, one of which is community engagement roundtables, the other a project accountability framework. The proposal to reframe OWASP content into business outcomes is interesting, but seems like it abandons the current strength for a prospective gain which is unproven.
- Diego Silva Martins. Pros: Concise and clear answers. Member value framework. Project transparency and project evaluation as 90-day goals. Con: Not a fan of mentorship/localization as board-level initiatives, but I do recognize the value to many people.
- Fred Donovan. Pros: Sees a need for revised funding
- Gustavo Arreaza. Pros: Crisp answers including staying relevant in emerging domains. Con
- Jeremy Long. Pros: Has developed a hugely popular project, which informs his goals like better infrastructure and sustainable funding of thriving projects. Cons: His perspective seems centered on OWASP software projects. But as I said above: strategy involves making choices about focus.
- Jerry Hoff. Pros: clear focus on leveraging OWASP’s strength to drive revenue. Money can’t buy you love, but it can certainly reduce categories of problems. I appreciate the words “as a board member, my focus will be on empowering the OWASP staff and community.”
- Kelly Santalucia. Pros: Has worked for OWASP for a long time, with a focus on delivering the Executive Advisory Report. Cons: has worked as staff, which sometimes hinders shifting into a board seat.
- Marisa Fagan. Pros: Focus on developers, sponsors. “There cannot be any resources spent on a rallying tour either. Such exercises in futility have been tried before.”
- Sam Stepanyan. Pros: Developer certification, training. Cons: leader orientation course. While we should have this, it seems tactical.
- Steve Springett. Pros: OKRs, revenue and an impact report all seem like good board goals. I also appreciate his saying “This is an operational issue, and the OWASP Board should not be directly managing or policing projects.”